CVE-2024-46226

Name of the Vulnerable Software and Affected Versions HelpDeskZ versions prior to 2.0.2

Description A stored cross site scripting (XSS) issue allows remote attackers to execute arbitrary JavaScript in the administration panel. This is achieved by including a malicious payload into the file name and upload file function when creating a new ticket.

Recommendations For versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the upload file function and validating file names to minimize the risk of exploitation.